CLAUDE Code Security debuted on 20 February 2026, according to Anthropic, triggering a sharp move in cybersecurity stocks. A few days later, Anthropic claimed Claude could read and repair COBOL, and IBM shares fell 13% before recovering once the market processed the scope of the claim. Claude Code Security is a capability built into Claude Code, currently in limited research preview for Enterprise and Team customers, scanning source codebases for vulnerabilities and proposing targeted patches for human review.
It differs from traditional SAST tools by prioritising architectural reasoning over pattern matching, aiming to understand data flows and interactions between components. According to SOCRadar’s CISO, Ensar Seker, the strongest value lies in vulnerability classes like business logic flaws, broken authorisation flows, authentication bypasses, and multi-step injection chains that static analysis cannot reach.
The article notes that AI reasoning can surface issues in code that is technically valid but architecturally insecure, while noting that supply chain risk and secrets management remain unaddressed.